Nov 6, 2017

Prevent SQL Injection in Java Code

Prevent SQL Injection in Java Code

PreparedStatement is the way to go. PreparedStatement not only provides better performance but also shield from SQL Injection attack. If you are working more on Java EE or J2EE side, than you should also be familiar with other security issues including Session Fixation attack or Cross Site Scripting attack and how to resolve them.